MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As a workaround, define `$g_path` as appropriate in `config_inc.php`.
Metrics
Affected Vendors & Products
References
History
Wed, 18 Dec 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mantisbt
Mantisbt mantisbt |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mantisbt
Mantisbt mantisbt |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-02-20T21:44:27.707Z
Updated: 2024-08-01T23:13:08.218Z
Reserved: 2024-01-22T22:23:54.339Z
Link: CVE-2024-23830
Vulnrichment
Updated: 2024-08-01T23:13:08.218Z
NVD
Status : Analyzed
Published: 2024-02-20T22:15:08.460
Modified: 2024-12-18T18:03:25.023
Link: CVE-2024-23830
Redhat
No data.